华为WLAN通过双链路实现AC热备

1.交换机的配置
[SW]vlan batch 10 to 14 801
[SW-GigabitEthernet0/0/10]port link-type trunk
[SW-GigabitEthernet0/0/10]port trunk pvid vlan 10
[SW-GigabitEthernet0/0/10]port trunk allow-pass vlan 10 to 14
[SW-GigabitEthernet0/0/11]port link-type trunk
[SW-GigabitEthernet0/0/11]port trunk pvid vlan 10
[SW-GigabitEthernet0/0/11]port trunk allow-pass vlan 10 to 14
[SW-GigabitEthernet0/0/1]port link-type trunk
[SW-GigabitEthernet0/0/1]port trunk allow-pass vlan 10 to 14 801
[SW-GigabitEthernet0/0/2]port link-type trunk
[SW-GigabitEthernet0/0/2]port trunk allow-pass vlan 10 to 14 801
[SW-Vlanif801]ip address 10.1.201.1 24 //用于交换机和AC通信
配置各业务的网关
[SW-Vlanif10]ip address 10.1.10.1 24
[SW-Vlanif11]ip address 10.1.11.1 24
[SW-Vlanif12]ip address 10.1.12.1 24
[SW-Vlanif13]ip address 10.1.13.1 24
[SW-Vlanif14]ip address 10.1.14.1 24
[SW]int LoopBack 0
[SW-LoopBack0]ip add 101.101.101.101 32 //模拟公网
2.AC1的基础配置
[AC1]vlan batch 10 to 14 801
[AC1-GigabitEthernet0/0/8]port link-type trunk
[AC1-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801
配置vlan相应的三层接口IP地址
[AC1-Vlanif10]ip add 10.1.10.100 24
[AC1-Vlanif11]ip add 10.1.11.100 24
[AC1-Vlanif12]ip add 10.1.12.100 24
[AC1-Vlanif13]ip add 10.1.13.100 24
[AC1-Vlanif14]ip add 10.1.14.100 24
[AC1-Vlanif801]ip add 10.1.201.100 24
检查配置结果

[AC1]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1 //配置静态路由指向交换机

3.创建AP组
[AC1]wlan
[AC1-wlan-view]ap-group name ap-g1
[AC2]wlan
[AC2-wlan-view]ap-group name ap-g1
4.配置AP上线
开启DHCP服务
[AC1]dhcp enable
[AC1]ip pool ap
[AC1-ip-pool-ap]network 10.1.10.0 mask 24
[AC1-ip-pool-ap]gateway-list 10.1.10.1
[AC1-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100
[AC1-Vlanif10]dhcp select global
[AC1]ip pool sta1
[AC1-ip-pool-sta1]network 10.1.11.0 mask 24
[AC1-ip-pool-sta1]gateway-list 10.1.11.1
[AC1]ip pool sta2
[AC1-ip-pool-sta2]gateway-list 10.1.12.1
[AC1-ip-pool-sta2]network 10.1.12.0 mask 24
[AC1]ip pool sta3
[AC1-ip-pool-sta3]network 10.1.13.0 mask 24
[AC1-ip-pool-sta3]gateway-list 10.1.13.1
[AC1]ip pool sta4
[AC1-ip-pool-sta4]network 10.1.14.0 mask 24
[AC1-ip-pool-sta4]gateway-list 10.1.14.1
[AC1-Vlanif11]dhcp select global
[AC1-Vlanif12]dhcp select global
[AC1-Vlanif13]dhcp select global
[AC1-Vlanif14]dhcp select global
配置业务vlan pool：vlan分配算法为hash
[AC1]vlan pool sta-p1
[AC1-vlan-pool-sta-p1]vlan 11 12
[AC1-vlan-pool-sta-p1]assignment hash
[AC1]vlan pool sta-p2
[AC1-vlan-pool-sta-p2]vlan 13 14
[AC1-vlan-pool-sta-p2]assignment hash
配置域管理模板
[AC1-wlan-view]regulatory-domain-profile name dom1
[AC1-wlan-regulate-domain-dom]country-code cn
[AC1]capwap source interface Vlanif 801 //AC1的源接口
配置AP认证：MAC认证
[AC1]wlan
[AC1-wlan-view]ap auth-mode mac-auth
[AC1-wlan-view]ap-mac 00e0-fc96-3580 ap-id 0
[AC1-wlan-ap-0]ap-group ap-g1
[AC1-wlan-ap-0]ap-name ap1
[AC1-wlan-view]ap-mac 00e0-fcb5-5820 ap-id 1
[AC1-wlan-ap-1]ap-group ap-g1
[AC1-wlan-ap-1]ap-name ap2

5.AC1上配置WLAN业务
创建安全模板，配置安全策略
[AC1]wlan
[AC1-wlan-view]security-profile name kh1
[AC1-wlan-sec-prof-kh1]security open
[AC1-wlan-view]security-profile name zg1
[AC1-wlan-sec-prof-zg1]security wpa2 psk pass-phrase a1234567 aes
创建SSID模板
[AC1-wlan-view]ssid-profile name kh1
[AC1-wlan-ssid-prof-kh1]ssid kh1
[AC1-wlan-view]ssid-profile name zg1
[AC1-wlan-ssid-prof-zg1]ssid zg1
创建vap模板，并引用安全和SSID模板
[AC1-wlan-view]vap-profile name kh1
[AC1-wlan-vap-prof-kh1]forward-mode direct-forward
[AC1-wlan-vap-prof-kh1]service-vlan vlan-pool sta-p1
[AC1-wlan-vap-prof-kh1]security-profile kh1
[AC1-wlan-vap-prof-kh1]ssid-profile kh1
[AC1-wlan-view]vap-profile name zg1
[AC1-wlan-vap-prof-zg1]forward-mode direct-forward
[AC1-wlan-vap-prof-zg1]service-vlan vlan-pool sta-p2
[AC1-wlan-vap-prof-zg1]security-profile zg1
[AC1-wlan-vap-prof-zg1]ssid-profile zg1
AP组引用域管理模板和vap模板
[AC1-wlan-view]ap-group name ap-g1
[AC1-wlan-ap-group-ap-g1]regulatory-domain-profile dom1
[AC1-wlan-ap-group-ap-g1]vap-profile kh1 wlan 1 radio all
[AC1-wlan-ap-group-ap-g1]vap-profile zg1 wlan 2 radio all
查看vap状态

6.配置备用AC2的基础
[AC2]vlan batch 10 to 14 801
[AC2-GigabitEthernet0/0/8]port link-type trunk
[AC2-GigabitEthernet0/0/8]port trunk allow-pass vlan 10 to 14 801
[AC2-Vlanif10]ip add 10.1.10.200 24
[AC2-Vlanif11]ip add 10.1.11.200 24
[AC2-Vlanif12]ip add 10.1.12.200 24
[AC2-Vlanif13]ip add 10.1.13.200 24
[AC2-Vlanif14]ip add 10.1.14.200 24
[AC2-Vlanif801]ip add 10.1.201.200 24

[AC2]ip route-static 0.0.0.0 0.0.0.0 10.1.201.1
创建AP组
[AC2-wlan-view]ap-group name ap-g1
开启DHCP服务
[AC2]dhcp enable
[AC2]ip pool ap
[AC2-ip-pool-ap]network 10.1.10.0 mask 24
[AC2-ip-pool-ap]gateway-list 10.1.10.1
[AC2-ip-pool-ap]option 43 sub-option 3 ascii 10.1.201.100
[AC2-Vlanif10]dhcp select global
[AC2]ip pool sta1
[AC2-ip-pool-sta1]network 10.1.11.0 mask 24
[AC2-ip-pool-sta1]gateway-list 10.1.11.1
[AC2]ip pool sta2
[AC2-ip-pool-sta2]network 10.1.12.0 mask 24
[AC2-ip-pool-sta2]gateway-list 10.1.12.1
[AC2-ip-pool-sta2]ip pool sta3
[AC2-ip-pool-sta3]network 10.1.13.0 mask 24
[AC2-ip-pool-sta3]gateway-list 10.1.13.1
[AC2-ip-pool-sta3]ip pool sta4
[AC2-ip-pool-sta4]network 10.1.14.0 mask 24
[AC2-ip-pool-sta4]gateway-list 10.1.14.1
使vlanif接口能DHCP功能
[AC2-Vlanif11]dhcp select global
[AC2-Vlanif12]dhcp select global
[AC2-Vlanif13]dhcp select global
[AC2-Vlanif14]dhcp select global
配置vlan pool，用于业务vlan
[AC2]vlan pool sta-p1
[AC2-vlan-pool-sta-p1]vlan 11 12
[AC2-vlan-pool-sta-p1]assignment hash
[AC2]vlan pool sta-p2
[AC2-vlan-pool-sta-p2]vlan 13 14
[AC2-vlan-pool-sta-p2]assignment hash

7. 配置AC2域管理模板
   [AC2-wlan-view]regulatory-domain-profile name dom1
   [AC2-wlan-regulate-domain-dom]country-code cn
   8.配置AC2的源接口
   [AC2]capwap source interface Vlanif 801
   9.配置AC2的AP认证
   [AC2]wlan
   [AC2-wlan-view]ap auth-mode mac-auth
   [AC2-wlan-view]ap-mac 00e0-fc96-3580 ap-id 0
   [AC2-wlan-ap-0]ap-group ap-g1
   [AC2-wlan-ap-0]ap-name ap1
   [AC2-wlan-view]ap-mac 00e0-fcb5-5820 ap-id 1
   [AC2-wlan-ap-1]ap-name ap2
   [AC2-wlan-ap-1]ap-group ap-g1
   10.AC2上配置WLAN业务参数
   创建安全模板，配置安全策略
   [AC2]wlan
   [AC2-wlan-view]security-profile name kh1
   [AC2-wlan-sec-prof-kh1]security open
   [AC2-wlan-view]security-profile name zg1
   [AC2-wlan-sec-prof-zg1]security wpa2 psk pass-phrase a1234567 aes
   创建ssid模板
   [AC2-wlan-view]ssid-profile name kh1
   [AC2-wlan-ssid-prof-kh1]ssid kh1
   [AC2-wlan-view]ssid-profile name zg1
   [AC2-wlan-ssid-prof-zg1]ssid zg1
   创建VAP模板，转发模式为直接转发，引用安全和ssid模板
   [AC2-wlan-view]vap-profile name kh1
   [AC2-wlan-vap-prof-kh1]forward-mode direct-forward
   [AC2-wlan-vap-prof-kh1]service-vlan vlan-pool sta-p1
   [AC2-wlan-vap-prof-kh1]security-profile kh1
   [AC2-wlan-vap-prof-kh1]ssid-profile kh1
   [AC2-wlan-view]vap-profile name zg1
   [AC2-wlan-vap-prof-zg1]forward-mode direct-forward
   [AC2-wlan-vap-prof-zg1]service-vlan vlan-pool sta-p2
   [AC2-wlan-vap-prof-zg1]security-profile zg1
   [AC2-wlan-vap-prof-zg1]ssid-profile zg1
   AP组引用管理模板和VAP模板
   [AC2-wlan-view]ap-group name ap-g1
   [AC2-wlan-ap-group-ap-g1]regulatory-domain-profile dom1
   [AC2-wlan-ap-group-ap-g1]vap-profile kh1 wlan 1 radio all
   [AC2-wlan-ap-group-ap-g1]vap-profile zg1 wlan 2 radio all
   11.在主AC1和AC2上配置双链路备份
   [AC1-wlan-view]ac protect enable
   [AC1-wlan-view]ac protect protect-ac 10.1.201.200 priority 1
   [AC2-wlan-view]ac protect enable
   [AC2-wlan-view]ac protect protect-ac 10.1.201.100 priority 5
   [AC1-wlan-view]ap-reset all //重启AP
   12.配置双机热备份
   在主AC1上配置
   [AC1]hsb-service 0
   [AC1-hsb-service-0]service-ip-port local-ip 10.1.201.100 peer-ip 10.1.201.200 local-data-port 10241 peer-data-port 10241 //创建HSB主备服务0
   [AC1]hsb-service-type ap hsb-service 0 //将wlan业务绑定HSB主备服务
   [AC1]hsb-service-type access-user hsb-service 0 //将NAC业务绑定HSB主备服务
   在备AC2上配置
   [AC2]hsb-service 0
   [AC2-hsb-service-0]service-ip-port local-ip 10.1.201.200 peer-ip 10.1.201.100 local-data-port 10241 peer-data-port 10241
   [AC2]hsb-service-type ap hsb-service 0
   [AC2]hsb-service-type access-user hsb-service 0
   13.结果验证
   查看双链路备份的配置信息
   
   
   查看主备服务建立情况
   
   
   查看AP情况
   
   
   将AC1与交换机连线断掉，1分30秒后在AC2上查看ap情况